Twitter bearer access token request behaves differently on two servers


#1

I have to implement the OAuth2 application auth method for a Twitter feed on a web site. I followed the procedure carefully and it works on my dev server and on my managed VPS. Problem is, if I copy the code to other servers such as other clients still on old machines (featuring PHP 5.2 for instance), it starts behaving incorrectly and returns either 403s or “Unable to verify your credentials”…

If I copy the other client’s credentials over to my dev server (5.3.10 machine) I can actually log in, get the token, retrieve the tweets, but on the client’s server (5.2.17 machine) I can’t get it to work with the exact same code.

The code itself is pretty simple and relies on a few methods from WordPress. All variables and values work fine; like I said, the code itself works, it just changes behavior on different machines:

$twitter_bearer_access_token = get_option('twitter_bearer_access_token', null);
if($twitter_bearer_access_token == null)
{
    //Request a bearer access token
    $encodedAccessToken = base64_encode(TWITTER_CONSUMER_KEY.':'.TWITTER_CONSUMER_SECRET);

    //Setup the stream context options and create the stream to POST to twitter
    $options = array(
        'http' => array(
            'method' => 'POST',
            'header' => 'Authorization: Basic '.$encodedAccessToken,
            'content' => 'grant_type=client_credentials',
        ),
    );
    $context  = stream_context_create($options);
    //Note: the @ operator hides any warning from the HTTPS stream wrapper
    $result = json_decode(@file_get_contents('https://api.twitter.com/oauth2/token', false, $context));
    if(isset($result->token_type) && $result->token_type == 'bearer')
    {
        $twitter_bearer_access_token = $result->access_token;
        update_option('twitter_bearer_access_token', $twitter_bearer_access_token);
    }
    else
    {
        $twitter_bearer_access_token = false;
    }
}


#2

I would examine the SSL configuration in both environments – maybe there’s something different there?

I would also recommend not using file_get_contents for these kinds of operations. Use a more full-featured HTTP client like Curl for PHP. Make sure you’re explicitly enabling all the SSL options you need like peer verification as well.


#3

Zend doesn’t recommend the use of Curl with PHP mostly because there has been a great overhaul on the PHP stream wrappers to actually achieve this without relying on an external dependency such as Curl. In my whole Zend engineer course and exam, they kept focusing on wrappers instead of curl…

If it’s the only way to solve my problem, which I’d be surprised (I’ll test it just to make sure) then I’ll opt for it…


#4

Oh well, it works with cURL, it seems I’ll just have to use two versions, one for servers that don’t work with the native PHP method and the other with cURL when I need a fallback… We’ll probably never know why it did that though!


#5

I would really caution you to look more deeply into how you’re approaching making the HTTP requests. In PHP and a few other programming environments it can be very easy to do things only half-way right. Make sure that your SSL setup is fully-functioning and verifying peers.

The method you’re using, file_get_contents, just happens to work when retrieving remote URLs, but it’s really not the best tool for the job (you’re not really getting “files” for one thing). There are also other HTTP solutions you could be using besides curl – curl is just the most familiar to me.
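
The advice in replies #2 and #5 (compare the SSL setup of the two hosts, verify peers explicitly), as an added example that is not part of the original thread or any poster's code. The function names `tls_environment_report` and `request_bearer_token` are hypothetical, and the syntax is kept PHP 5.2-compatible so the same file can run on both servers.

```php
<?php
// Added example (not from the thread). Function names are hypothetical.

// TLS-related facts that commonly differ between two PHP hosts.
function tls_environment_report()
{
    $curl = function_exists('curl_version') ? curl_version() : array();
    return array(
        'php_version'     => PHP_VERSION,
        'openssl_ext'     => extension_loaded('openssl'),
        'https_wrapper'   => in_array('https', stream_get_wrappers()),
        'allow_url_fopen' => (bool) ini_get('allow_url_fopen'),
        'curl_ssl'        => isset($curl['ssl_version']) ? $curl['ssl_version'] : null,
    );
}

// Request the bearer token with cURL; throws instead of hiding the cause.
function request_bearer_token($key, $secret, $url)
{
    $ch = curl_init($url);
    curl_setopt_array($ch, array(
        CURLOPT_POST           => true,
        CURLOPT_POSTFIELDS     => 'grant_type=client_credentials',
        CURLOPT_HTTPHEADER     => array(
            'Authorization: Basic ' . base64_encode($key . ':' . $secret),
            'Content-Type: application/x-www-form-urlencoded;charset=UTF-8',
        ),
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_SSL_VERIFYPEER => true, // validate the certificate chain
        CURLOPT_SSL_VERIFYHOST => 2,    // certificate name must match the host
        CURLOPT_TIMEOUT        => 10,
    ));
    $body   = curl_exec($ch);
    $errno  = curl_errno($ch);
    $error  = curl_error($ch);
    $status = curl_getinfo($ch, CURLINFO_HTTP_CODE);
    curl_close($ch);
    if ($body === false) { // transport or TLS failure, no HTTP response at all
        throw new Exception("Transport error $errno: $error");
    }
    $json = json_decode($body);
    if ($status !== 200 || !isset($json->token_type) || $json->token_type !== 'bearer') {
        throw new Exception("HTTP $status, unexpected body: " . substr($body, 0, 200));
    }
    return $json->access_token;
}

var_export(tls_environment_report()); // run on each host and compare the output
```

Calling `request_bearer_token(TWITTER_CONSUMER_KEY, TWITTER_CONSUMER_SECRET, 'https://api.twitter.com/oauth2/token')` inside a `try` block then separates a certificate or handshake failure from an HTTP-level rejection such as the 403 described in the first post.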